Amendments to the Claims 

Claim 1 (currently amended): A computer program product for providing end-to-end user authentication for legacy host application access, said computer program product embodied on a computer-readable medium readable by a computing device in a computing environment and comprising:
computer-readable program code means for establishing a secure session from a client machine to a server machine using a digital certificate transmitted from said client machine to said server machine, wherein said digital certificate represents [representing] said client machine or a user thereof;
computer-readable program code means for storing said transmitted digital certificate at said server machine;
computer-readable program code means for establishing a session from said server machine to a host system on behalf of said client machine, responsive to establishment of said secure session, using a legacy host communication protocol;
computer-readable program code means for passing said stored digital certificate from said server machine to a host access security system, responsive to receiving, at said server machine, a request from said host system for log-on information of said user;
computer-readable program code means, operable in said host access security system, for using said passed digital certificate to locate access credentials for said user;
computer-readable program code means for returning, from said host access security system to said server machine, a user identifier associated with said located access credentials and either accessing a stored password or a generated password substitute representing said located credentials; and
computer-readable program code means for [using] forwarding said [stored] returned user identifier and password or said generated password substitute from said server machine to said host system as a response to said request for log-on information, such that said forwarded user identifier and password or password substitute can be used by said host system to transparently log said user on to a secure legacy host application executing at said host system, without requiring change to said host system.

Claim 2 (original): The computer program product as claimed in Claim 1, wherein said digital certificate is an X.509 certificate.

Claim 3 (currently amended): The computer program product as claimed in Claim 1 [or Claim 2], wherein said communication protocol is a 3270 emulation protocol.

Claim 4 (currently amended): The computer program product as claimed in Claim 1 [or Claim 2], wherein said communication protocol is a 5250 emulation protocol.

Claim 5 (currently amended): The computer program product as claimed in Claim 1 [or Claim 2], wherein said communication protocol is a Virtual Terminal protocol.

Claim 6 (original): The computer program product as claimed in Claim 3, wherein said host access security system is a Resource Access Control Facility (RACF) system.

Claim 7 (original): The computer program product as claimed in Claim 1, wherein said server machine is a Web application server machine.

Claim 8 (currently amended): A computer program product for providing end-to-end user authentication for legacy host application access, said computer program product embodied on a computer-readable medium readable by a computing device in a computing environment and [The computer program product as claimed in Claim 1, further] comprising:
computer-readable program code means for establishing a secure session from a client machine to a server machine using a digital certificate transmitted from said client machine to said server machine, wherein said digital certificate represents said client machine or a user thereof;
computer-readable program code means for storing said transmitted digital certificate at said server machine;
computer-readable program code means for establishing a session from said server machine to a host system on behalf of said client machine, responsive to establishment of said secure session, using a legacy host communication protocol;
computer-readable program code means for automatically sending a log-on message from said client machine to said server machine, responsive to receiving, at said client machine, a request from said host system for log-on information of said user, wherein said log-on message uses placeholder syntax in place of a user identifier and a password of said user;
computer-readable program code means for passing said stored digital certificate from said server machine to a host access security system, responsive to receiving, at said server machine, said log-on message from said client machine;
computer-readable program code means, operable in said host access security system, for using said passed digital certificate to locate access credentials for said user;
computer-readable program code means for returning, from said host access security system to said server machine, a user identifier associated with said located access credentials and either a stored password or a generated password substitute representing said located credentials;
computer-readable program code means for modifying, by said server machine, said received log-on message by replacing said placeholder syntax with said returned user identifier and password or password substitute; and
computer-readable program code means for forwarding said modified log-on message from said server to said host system as a response to said request for log-on information, such that said user identifier and password or password substitute from said forwarded log-on message can be used by said host system to transparently log said user on to a secure legacy host application executing at said host system, without requiring change to said host system.
[computer-readable program code means for requesting by said legacy host application, responsive to said computer-readable program code means for establishing said session, log-on information for said user;
computer-readable program code means for responding to said request for log-on information by sending a log-on message with placeholders from said client machine to said server machine, said placeholders representing a user identification and a password of said user; and
computer-readable program code means for substituting a user identifier associated with said located access credentials and said stored password or said generated passticket for said placeholders in said log-on message.]

Claim 9 (canceled) 

Claim 10 (currently amended): A system for providing end-to-end user authentication for legacy host application access in a computing environment, comprising:
means for establishing a secure session from a client machine to a server machine using a digital certificate transmitted from said client machine to said server machine, wherein said digital certificate represents [representing] said client machine or a user thereof;
means for storing said transmitted digital certificate at said server machine;
means for establishing a session from said server machine to a host system on behalf of said client machine, responsive to establishment of said secure session, using a legacy host communication protocol;
means for passing said stored digital certificate from said server machine to a host access security system, responsive to receiving, at said server machine, a request from said host system for log-on information of said user;
means, operable in said host access security system, for using said passed digital certificate to locate access credentials for said user;
means for returning, from said host access security system to said server machine, a user identifier associated with said located access credentials and either accessing a stored password or a generated password substitute representing said located credentials; and
means for [using] forwarding said [stored] returned user identifier and password or said generated password substitute from said server machine to said host system as a response to said request for log-on information, such that said forwarded user identifier and password or password substitute can be used by said host system to transparently log said user on to a secure legacy host application executing at said host system, without requiring change to said host system.

Claim 11 (original): The system as claimed in Claim 10, wherein said digital certificate is an X.509 certificate.

Claim 12 (currently amended): The system as claimed in Claim 10 [or Claim 11], wherein said communication protocol is a 3270 emulation protocol.

Claim 13 (currently amended): The system as claimed in Claim 10 [or Claim 11], wherein said communication protocol is a 5250 emulation protocol.

Claim 14 (currently amended): The system as claimed in Claim 10 [or Claim 11], wherein said communication protocol is a Virtual Terminal protocol.

Claim 15 (original): The system as claimed in Claim 12, wherein said host access security system is a Resource Access Control Facility (RACF) system.

Claim 16 (original): The system as claimed in Claim 10, wherein said server machine is a Web application server machine.

Claim 17 (currently amended): A system for providing end-to-end user authentication for legacy host application access in a computing environment, [The system as claimed in Claim 10, further] comprising:
means for establishing a secure session from a client machine to a server machine using a digital certificate transmitted from said client machine to said server machine, wherein said digital certificate represents said client machine or a user thereof;
means for storing said transmitted digital certificate at said server machine;
means for establishing a session from said server machine to a host system on behalf of said client machine, responsive to establishment of said secure session, using a legacy host communication protocol;
means for automatically sending a log-on message from said client machine to said server machine, responsive to receiving, at said client machine, a request from said host system for log-on information of said user, wherein said log-on message uses placeholder syntax in place of a user identifier and a password of said user;
means for passing said stored digital certificate from said server machine to a host access security system, responsive to receiving, at said server machine, said log-on message from said client machine;
means, operable in said host access security system, for using said passed digital certificate to locate access credentials for said user;
means for returning, from said host access security system to said server machine, a user identifier associated with said located access credentials and either a stored password or a generated password substitute representing said located credentials;
means for modifying, by said server machine, said received log-on message by replacing said placeholder syntax with said returned user identifier and password or password substitute; and
means for forwarding said modified log-on message from said server to said host system as a response to said request for log-on information, such that said user identifier and password or password substitute from said forwarded log-on message can be used by said host system to transparently log said user on to a secure legacy host application executing at said host system, without requiring change to said host system.
[means for requesting by said legacy host application, responsive to said means for establishing said session, log-on information for said user;
means for responding to said request for log-on information by sending a log-on message with placeholders from said client machine to said server machine, said placeholders representing a user identification and a password of said user; and
means for substituting a user identifier associated with said located access credentials and said stored password or said generated passticket for said placeholders in said log-on message.]

Claim 18 (canceled) 

Claim 19 (currently amended): A method for providing end-to-end user authentication for legacy host application access in a computing environment, comprising the steps of:
establishing a secure session from a client machine to a server machine using a digital certificate transmitted from said client machine to said server machine, wherein said digital certificate represents [representing] said client machine or a user thereof;
storing said transmitted digital certificate at said server machine;
establishing a session from said server machine to a host system on behalf of said client machine, responsive to establishment of said secure session, using a legacy host communication protocol;
passing said stored digital certificate from said server machine to a host access security system, responsive to receiving, at said server machine, a request from said host system for log-on information of said user;
using, by said host access security system, said passed digital certificate to locate access credentials for said user;
returning, from said host access security system to said server machine, a user identifier associated with said located access credentials and either accessing a stored password or a generated password substitute representing said located credentials; and
forwarding [using] said [stored] returned user identifier and password or said generated password substitute from said server machine to said host system as a response to said request for log-on information, such that said forwarded user identifier and password or password substitute can be used by said host system to transparently log said user on to a secure legacy host application executing at said host system, without requiring change to said host system.

Claim 20 (original): The method as claimed in Claim 19, wherein said digital certificate is an X.509 certificate.

Claim 21 (currently amended): The method as claimed in Claim 19 [or Claim 20], wherein said communication protocol is a 3270 emulation protocol.

Claim 22 (currently amended): The method as claimed in Claim 19 [or Claim 20], wherein said communication protocol is a 5250 emulation protocol.

Claim 23 (currently amended): The method as claimed in Claim 19 [or Claim 20], wherein said communication protocol is a Virtual Terminal protocol.



Claim 24 (original): The method as claimed in Claim 21, wherein said host access security system is a Resource Access Control Facility (RACF) system.

Serial No. 09/466,625 Docket RSW990077

PAGE 13/27 * RCVD AT 1/7/2004 6:07:14 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-1/5 * DNIS:8729306 * CSID:4073437587 * DURATION (mm-ss):06-50

Claim 25 (original): The method as claimed in Claim 19, wherein said server machine is a Web application server machine.

Claim 26 (currently amended): A method for providing end-to-end user authentication for legacy host application access in a computing environment, [The method as claimed in Claim 19, further] comprising the steps of:
establishing a secure session from a client machine to a server machine using a digital certificate transmitted from said client machine to said server machine, wherein said digital certificate represents said client machine or a user thereof;
storing said transmitted digital certificate at said server machine;
establishing a session from said server machine to a host system on behalf of said client machine, responsive to establishment of said secure session, using a legacy host communication protocol;
automatically sending a log-on message from said client machine to said server machine, responsive to receiving, at said client machine, a request from said host system for log-on information of said user, wherein said log-on message uses placeholder syntax in place of a user identifier and a password of said user;
passing said stored digital certificate from said server machine to a host access security system, responsive to receiving, at said server machine, said log-on message from said client machine;
using, by said host access security system, said passed digital certificate to locate access credentials for said user;
returning, from said host access security system to said server machine, a user identifier associated with said located access credentials and either a stored password or a generated password substitute representing said located credentials;
modifying, by said server machine, said received log-on message by replacing said placeholder syntax with said returned user identifier and password or password substitute; and
forwarding said modified log-on message from said server to said host system as a response to said request for log-on information, such that said user identifier and password or password substitute from said forwarded log-on message can be used by said host system to transparently log said user on to a secure legacy host application executing at said host system, without requiring change to said host system.
[requesting by said legacy host application, responsive to said step of establishing said session, log-on information for said user;
responding to said request for log-on information by sending a log-on message with placeholders from said client machine to said server machine, said placeholders representing a user identification and a password of said user; and
substituting a user identifier associated with said located access credentials and said stored password or said generated passticket for said placeholders in said log-on message.]
Claim 27 (canceled) 

Claim 28 (new): The method as claimed in Claim 26, wherein said digital certificate is an X.509 certificate.

Claim 29 (new): The method as claimed in Claim 26, wherein said communication protocol is a 3270 emulation protocol.

Claim 30 (new): The method as claimed in Claim 26, wherein said communication protocol is a 5250 emulation protocol.

Claim 31 (new): The method as claimed in Claim 26, wherein said communication protocol is a Virtual Terminal protocol.

Claim 32 (new): The method as claimed in Claim 26, wherein said host access security system is a Resource Access Control Facility (RACF) system.

Claim 33 (new): A method of enabling a user at a client device to transparently log on to a legacy session with a legacy host application, without requiring change to said legacy host application, comprising steps of:
caching a digital certificate associated with said client device, or a user thereof, at a server to which said digital certificate has been provided for authentication of said client device or said user;
initiating, by said server on behalf of said client device, said legacy session with said legacy host application;
automatically responding, by said client device, to a log-on request from said legacy host application, where said log-on request is sent by said legacy host application responsive to said initiating step, by sending a log-on message in which placeholder syntax is used in place of a user identifier and password expected by said legacy host application; and
before forwarding said sent log-on message from said server to said legacy host application, performing steps of:
using said cached digital certificate to obtain, at said server from a host access security system, said expected user identifier and either said expected password or a password substitute therefor which is generated by said host access security system; and
replacing said placeholder syntax in said sent log-on message with said obtained user identifier and password or password substitute.
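The following Python program is an illustration added here and is not part of the application or of any product it describes. It simulates the four parties and message flow of Claims 8, 17, 26 and 33 (client, server, host access security system, legacy host), and with the client's placeholder message it also covers the certificate-to-credential lookup of Claims 1, 10 and 19. Everything concrete in it is an assumption of this example: the placeholder syntax %USERID%/%PASSWORD%, the HMAC-derived one-time password substitute with a 10-minute window, the application name, and the constructed certificate bytes and registry entries. It also shows two checks a practitioner would want that the claims leave to the implementation: an unregistered certificate never produces a log-on at the host, and a substitute is rejected on replay or outside its window.

```python
"""Four-party simulation of certificate-based transparent log-on to a legacy host.
All names, the placeholder syntax, the HMAC substitute and the sample data are
constructed for this example (assumptions, not the application's own design)."""
import hashlib
import hmac
import secrets
import time


def fingerprint(cert_der: bytes) -> str:
    """Identify a certificate by the SHA-256 of its (constructed) DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()


class HostAccessSecuritySystem:
    """RACF-like: maps a cached certificate to access credentials and issues a
    one-time, time-bounded password substitute instead of the stored password."""
    WINDOW = 600  # seconds; assumed validity window of a substitute

    def __init__(self):
        self.cert_to_user = {}                 # constructed registry: fingerprint -> user id
        self.secret = secrets.token_bytes(32)  # shared only with the verifying host
        self.used = set()                      # substitutes already accepted (replay guard)

    def register(self, cert_der, user_id):
        self.cert_to_user[fingerprint(cert_der)] = user_id

    def _substitute(self, user_id, application, window):
        msg = f"{user_id}|{application}|{window}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]

    def locate_credentials(self, cert_der, application, now=None):
        """Return (user_id, password_substitute) for a known certificate, else None."""
        user_id = self.cert_to_user.get(fingerprint(cert_der))
        if user_id is None:
            return None
        window = int((now if now is not None else time.time()) // self.WINDOW)
        return user_id, self._substitute(user_id, application, window)

    def verify(self, user_id, candidate, application, now=None):
        """Accept a substitute only within its own window and only once."""
        window = int((now if now is not None else time.time()) // self.WINDOW)
        expected = self._substitute(user_id, application, window)
        ok = hmac.compare_digest(expected, candidate) and candidate not in self.used
        if ok:
            self.used.add(candidate)
        return ok


class LegacyHost:
    """Unchanged host: sends a log-on request and parses its usual LOGON command."""
    APP = "CICSPROD"  # constructed application name bound into the substitute

    def __init__(self, security):
        self.security = security

    def open_session(self):
        return "LOGON REQUIRED"  # stands in for a 3270/5250 sign-on screen

    def receive_logon(self, message, now=None):
        _, user_id, password = message.split()
        if self.security.verify(user_id, password, self.APP, now):
            return f"WELCOME {user_id}"
        return "LOGON FAILED"


class Client:
    """Answers the host's log-on request automatically; it never holds a password."""
    PLACEHOLDER_MSG = "LOGON %USERID% %PASSWORD%"

    def __init__(self, cert_der):
        self.cert_der = cert_der

    def connect(self, server):
        return server.establish_secure_session(self.cert_der)

    def on_logon_request(self, _request):
        return self.PLACEHOLDER_MSG


class WebAppServer:
    """Caches the client certificate, opens the host session, fills placeholders."""
    def __init__(self, host, security):
        self.host, self.security = host, security
        self.cached_certs = {}  # session id -> certificate presented at session setup

    def establish_secure_session(self, cert_der):
        session_id = secrets.token_hex(8)
        self.cached_certs[session_id] = cert_der  # store the transmitted certificate
        return session_id

    def run_logon(self, session_id, client, now=None):
        request = self.host.open_session()       # host session on the client's behalf
        msg = client.on_logon_request(request)   # placeholders only, no secrets at the client
        creds = self.security.locate_credentials(self.cached_certs[session_id], self.host.APP, now)
        if creds is None:
            return "NO CREDENTIALS FOR CERTIFICATE"  # nothing is forwarded to the host
        user_id, substitute = creds
        filled = msg.replace("%USERID%", user_id).replace("%PASSWORD%", substitute)
        return self.host.receive_logon(filled, now)


def demo(now=1_000_000):
    """Registered certificate logs on; unregistered one is stopped at the server."""
    security = HostAccessSecuritySystem()
    server = WebAppServer(LegacyHost(security), security)
    alice = Client(b"constructed-DER-bytes-for-alice")
    security.register(alice.cert_der, "ALICE01")
    stranger = Client(b"constructed-DER-bytes-unregistered")
    return (server.run_logon(alice.connect(server), alice, now),
            server.run_logon(stranger.connect(server), stranger, now))
```

Calling demo() returns ('WELCOME ALICE01', 'NO CREDENTIALS FOR CERTIFICATE'). The substitute is bound to the user, the application and a time window, and the security system records each accepted value, so a captured log-on message cannot be replayed at the host; the stored password itself never leaves the security system.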